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Claims 



[cl] 



si . A computer-based method for a multiparty electronic service, the method 
comprising steps of: 

negotiating a machine interpretable service specification between all parties, 
whicn\would cooperate with a particular application running on a host system; 
defining, said service specification to: 
identify cooperating parties; 

identify a requestor and format of a service request, said request is adapted to 
contain information about an individual; 

conduct conditional processing steps required for said service request, said 
conditional proca^sing steps is adapted to use stored data about said individual; 
and 

provide conditional Notifications, said notifications is adapted to include 
additional informationVbout the individual described in the request; 
providing a secure computation environment in said host system; 
uploading said service specification into said secure computation environment; 
enforcing said service specification with regards to all cooperating 
parties;receiving a service request from said requestor; 
providing a secure co-processor\in said secure computation environment for 
processing said service request, wWre said secure processing includes: 
determining the service specification\that governs said service request; 
validating the actual requestor and theVontent of the service request against an 
expected requestor and expected content^ as defined in the service 
specification; and 

executing the conditional processing and the\iotifications as defined in the 
service specification. 



[c2] 



2. The method of claim 1 further comprising the step of allowing at least one 
party of said cooperating parties to cancel said service specification wherein al 
future service requests that rely on said cancelled serv^e specification will be 
rejected. 



[c3] 



3. The method of claim 2 wherein said steps of negotiating V machine 
interpretable service specification, uploading, enforcing, receiving a service 
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request, and canceling said service specification comprises the step of 
concocting said previous steps multiple times. 

[c4] 4. The method of claim 1 further comprising the steps of: 

negotiatiirg multiple machine interpretable service specifications; 
defining sam multiple service specifications; 

uploading sand multiple service specifications into said secure computation 
environment; and 

enforcing said multiple service specifications with regards to all cooperating 
parties. 

[c5] 5. The method of data 4 wherein said secure processing steps further 

comprises the step of having at least one of said secure processing steps being 
executed unconditional^ 

[c6] 6. The method of claim 1 wherein said secure processing steps further 

comprises the step of having^at least one of said secure processing steps use 
data provided in said service request and found in said host system to derive 
further information about said individual described in said service request. 

[c7] 7. The method of claim 6 wherein said at least one of said secure processing 

steps further comprises the step of computing a correlation between biometric 
data provided in said service request a\d biometric data looked up in said host 
system. 

[c8] 8. The method of claim 1 wherein said step W providing conditional 

notifications further comprises the step of providing an empty message. 

[c9] 9. The method of claim 1 wherein said step of negotiating a machine 

interpretable service specification between all parties further comprises the step 
of providing a contract for governing the negotiated service specification. 

[cl 0] 10. The method of claim 1 wherein said secure processing steps further 

comprises the step of notifying said requestor that saia\service request was 
processed. 

t cl 1] 11. The method of claim 1 wherein said step of enforcing said service 
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[c12] 



[c13] 



[c14] 



[cl5] 



[cl6] 



[cl7] 
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specification further comprises the step of uploading at least one database from 
akleast one party of said cooperating parties, information contained therein 
fromsaid at least one database is stored in said host system. 

1 2. Theonethod of claim 4 wherein said step of negotiating multiple machine 
interpretable service specifications between any cooperating parties further 
comprises the step of providing a contract for governing each negotiated 
service specification. 

13. The method of claim 1 wherein said step of providing conditional 
notifications furthencomprises the step of providing a notification that is 
adapted to contain information about said individual. 

1 4. The method of claim \3, wherein said step of providing a notification that is 
adapted to contain information about said individual further comprises the step 
of providing said notification to at least one party of said cooperating parties, 
said at least one party of said cooperating parties is a party other than said 
requestor. 

1 5. The method of claim 1 4, wherein \aid step of providing a notification to at 
least one party of said cooperating parties that is adapted to contain 
information about said individual further comprises the step of providing 
notification to said at least one party of said\ooperating parties that is a party 
other than a provider of said stored data. 

16. The method of claim 1 wherein said step of ptaviding conditional 
notifications further comprises the step of providing a notification to at least 
one party of said cooperating parties that is adapted tp contain no information 
about said individual. 

17. Apparatus for a multiparty electronic service, the apparatus comprising: 
at least one host computer adapted to have at least one secure co-processor 
operating in a secure computation environment, said at least one host computer 
operative to: negotiate a machine interpretable service specification between all 
parties, which would cooperate with a particular application running on said 
host computer; upload said service specification into said secure computation 
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[c22] 



\ 



environment; enforce said service specification with regards to all cooperating 
parties; receive a service request from a requestor; execute secure processing of 
said^service request; and provide notifications as defined in the service 
specification. 

[cl 8] 1 8. The apparatus of claim 1 7, wherein said at least one host computer is 

further operative to define said service specification to: 
identify said\cooperating parties; 

identify said requestor and the format of said service request, said request is 
adapted to contain information about an individual; 

conduct conditional processing steps required for said service request, said 
conditional processing steps is adapted to use stored data about said individual; 
and 

provide conditional Notifications, said conditional notifications is adapted to 
include additional information about the individual described in the request. 

[cl 9] 1 9. The apparatus of claVn 1 7 wherein said at least one host computer is 

further operative to execute said secure processing to: 
determine the service specification that governs said service request; 
validate said requestor and the content of the service request against an 
expected requestor and expected contents as defined in the service 
specification; and 

execute conditional processing as Refined in the service specification. 

[c20] 20. The apparatus of claim 1 7 wherem said at least one host computer is 

further operative to provide said notifications as conditional notifications that is 
adapted to include additional informatioi\about an individual described in the 
request. 

[c21] 21. The apparatus of claim 17 wherein said atNeast one host computer is 

further operative to provide a contract for governing the negotiated service 
specification. 



22. The apparatus of claim 1 7 wherein said at least o\ie host computer 
operative to negotiate said machine interpretable service specification, upload 
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[c23] 



[c24] 



[c25] 



[c26] 



[c27] 



[c28] 



[c29] 



iaid service specification, enforce said service specification, and receive a 
service request, is further operative to conduct said negotiating, uploading, 
enforcing and receiving functions multiple times. 

23. The. apparatus of claim 1 7 wherein said at least one host computer is 
further operative to use data provided in said service request and found in said 
host computer to derive further information about an individual described in 
said service request. 

24. The apparatus of claim 23 wherein said at least one host computer is 
further operative \p compute a correlation between biometric data provided in 
said service request\and biometric data looked up in said host computer. 

25. The apparatus of claim 1 7 wherein said at least one host computer is 
further operative to commute a correlation between biometric data provided in 
said service request and bibmetric data looked up in said host computer. 

26. The apparatus of claim 1 Awherein said at least one host computer 
operative to provide notification^ is further operative to provide an empty 
message. 

27. The apparatus of claim 1 7 whereVi said at least one host computer is 
further operative to upload at least one\database from at least one party of said 
cooperating parties, information contained therein from said at least one 
database is adapted to be stored in said hoVt computer. 

28. The apparatus of claim 1 7 wherein said at\east one host computer 
operative to negotiate a machine interpretable service specification between all 
parties is further operative to: negotiate multiple machine interpretable service 
specifications; define said multiple service specifications; upload said multiple 
service specifications into said secure computation enWonment; and 
enforce said multiple service specifications with regards\to all cooperating 
parties. 

29. The apparatus of claim 1 7 wherein said at least one host Computer 
operative to provide notifications is further operative to notify said requestor 
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[c30] 



[c31] 




[c32] 



[c33] 



[c34] 



that said service request was processed. 

30. The apparatus of claim 27 wherein said at least one host computer 



operative to provide notifications is further operative to provide conditional 



notifications that is adapted to contain information about an individual. 



31 . The apparatus of claim 1 8 wherein said at least one host computer is 



further operative to provide said conditional notifications to another party of 
said cooperating parties, said another party of said cooperating parties is a 
party other thari said requestor. 

32. The method oXclaim 31, wherein said at least one host computer operative 
to provide said conditional notifications to said another party of said 
cooperating parties \ 

is further operative to pVovide said conditional notifications to a party other 
than a provider of said stcired data. 

33. An identification apparatus for matching individuals, the apparatus 
comprising: \ 

at least one host computer adapted to have at least one secure co-processor 
operating in a secure computation\environment, said at least one host computer 
operative to: negotiate a machine inWpretable contract between all parties, 
which would cooperate with a particular application running on said host 
computer; upload said contract into saicksecure computation environment; 
enforce said contract with regards to all cooperating parties; receive a service 
request from a requestor; execute secure processing of said service request; 
and provide notifications as defined in the contract. 

34. An article of manufacture for use in a multiparty electronic service, 
comprising a machine readable medium tangibly embodying a program of 
instructions executable by a machine for implementing a method, the method 
comprising steps of: \ 

negotiating a machine interpretable service specificatiola between all parties, 
which would cooperate with a particular application runnmg on a host system; 
defining said service specification to: \ 
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identify cooperating parties; 
identify a requestor and format of a service request, said request is adapted to 
contain information about an individual; 

conduct conditional processing steps required for said service request, said 
conditional processing steps is adapted to use stored data about said individual; 
and \ 

provide conditional notifications, said notifications is adapted to include 
additional information about the individual described in the request; 
providing a secure computation environment in said host system; 
uploading said seWice specification into said secure computation environment; 
enforcing said servite specification with regards to all cooperating 
parties;receiving a service request from said requestor; 
providing a secure co-processor in said secure computation environment for 
processing said service request, where said secure processing includes: 
determining the service specification that governs said service request; 
validating the actual requestor and the content of the service request against an 
expected requestor and expected contents as defined in the service 
specification; and \ 

executing the conditional processing and the notifications as defined in the 
service specification. \ 



35. A program storage device readable bV a machine, tangibly embodying a 
program of instructions executable by the machine to perform methods steps 
for managing a matching identification service, the method comprising the 
steps of: \ 

negotiating a machine interpretable service specification between all parties, 
which would cooperate with a particular application running on a host system; 
defining said service specification to: \ 
identify cooperating parties; \ 

identify a requestor and format of a service request, sara request is adapted to 
contain information about an individual; \ 
conduct conditional processing steps required for said service request, said 
conditional processing steps is adapted to use stored data ahout said individual; 



[c35] 
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e^nd 

provide conditional notifications, said notifications is adapted to include 
additional information about the individual described in the request; 
providing Secure computation environment in said host system; 
uploading said service specification into said secure computation environment; 
enforcing said servte specification with regards to all cooperating 
parties;receiving a service request from said requestor; 
providing a secure co-prowssor in said secure computation environment for 
processing said service reque^, where said secure processing includes: 
determining the service specification that governs said service request; 
validating the actual requestor and thKcontent of the service request against an 
expected requestor and expected contentV^s defined in the service 
specification; and 

executing the conditional processing and the notifications as defined in the 
service specification. 
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